On 06/08/2013 03:21 PM, Hauke Laging wrote:

> Crypto is NOT about comfort but about security. The point is: Does a
> certification make sense? Most certifications I see do not.

People simply won't use tools that they aren't comfortable with. This is a delicate tradeoff, but if you're willing to sacrifice everyone's comfort to build a system, that system simply won't get used. The end result? decades of cleartext e-mail, long after we had the tools to do better :(

> They come without a certification level,

Including a certification level, given the state of modern OpenPGP implementations, is meaningless and serves only to leak information about the social graph which otherwise wouldn't be leaked. I think it's also a bad idea, and i'm grateful to Werner and the rest of the GnuPG crew that it is not a question asked by default, as i've also argued publicly recently:

https://debian-administration.org/users/dkg/weblog/98

> without a policy URL, usually have no (especially not a reliably signed)
> key policy and are usually not made by offline main keys (or similar).
> In the end: more or less worthless. The WoT in its current form is
> occupational therapy for people who refuse to do crypto right (or
> rather: don't know what that means).

If you want to be able to do machine-level inference about user identity (so that a user's computer can tell them with confidence "This is Sally, you know this because Joe said so"), and you insist that policy URLs are critical then you probably also need machine-readable policies; and you need to define a way that users can declare their sentiments about specific policies, in addition to declaring their sentiments about how well they think some other keyholders can effectively implement each flavor of policy encountered.

This sounds like a complicated mess, and afaict no one is working on this. It is another barrier to participating in the OpenPGP network of certifications. Learning the basics of what it means to responsibly hold a secret key and make (or choose to not make) identity assertions with it is already too complex for most people. Adding layers of complexity to the system will simply make the user base smaller. This is particularly disastrous with systems that rely on the network effect for any sort of public usefulness.

> Who cares? The question is: Does such a UID make the key better (with or
> without the WoT)? And if the answer is "It does", who would dare argue
> against that with the vague definition from the RfC?

I would argue "it doesn't make it better" because it confuses people about what User IDs are, which makes it harder for them to participate in OpenPGP's network of certifications. Clearly, we disagree here.

> A comment may be a statement about the function of the key owner in an
> organization and thus is an important part of the identity. This is
> explicitly intended by signature law! Such a comment should be certified
> by the organization's certification key only.

It sounds like you're saying that the presence of some comments in User IDs makes it so that no one else is supposed to certify those User IDs, for some sort of legal reason ("signature law") which i don't know about or understand. If this is correct, this sounds like yet another reason for me to not want to get into the habit of certifying any User IDs with comments in them.

> You have to read the comment statement and its certification right. It
> obviously doesn't mean "I have checked that this is true" as everybody
> immediately understands that it is not possible for the certifier to
> check this. Instead it means: "I testify to it that the key owner makes
> this statement about the certified key." And statements about keys are
> damn important. You cannot do secure crypto without them.

I'm wary of the term "secure" -- can you be more specific about what benefits we gain as a community from a comment in a User ID like "I have this primary key offline"? Are there no other ways to gain those benefits without putting the comment in the User ID?

> You are right insofar as in a perfect world this information might
> better be placed elsewhere (standardized, machine readable signature
> notations). But in this world and this time not even policy URLs are
> shown by default.

If you think that policy URLs should be shown by default, you should make the case for that. I suspect they're not currently shown by default because they are an additional source of confusion in an already too-confusing interface for most people. Who do you want to be able to participate in the public network -- just a handful of experts steeped in the arcana? or everyone capable of operating a computer at a reasonable level?

>> https://www.debian-administration.org/users/dkg/weblog/97
>
> Sorry but the example you use on that page is ridiculous. It doesn't
> prove anything about UID comments except for the trivial fact that it is
> possible to use them for ridiculous purposes. You really should not
> leave that online.

Clearly, we disagree about this. But the overwhelming majority of comments in User IDs on the public keyservers are exactly of the ridiculous types used as examples in that page. Try looking at them sometime, it's pretty depressing. This suggests to me that this feature (the "comment" prompt when generating a new User ID) is causing more confusion and difficulty than it is providing benefit.

> If someone makes a statement about the security of his key and decides
> to change this statement for the same key (no matter in which direction)
> that would be self-sabotage. Stupid behaviour but not nearly an argument
> against statements about key security. And such statements are useless
> if they are not certified.

You'll note that i'm not objecting to statements about key security in general. I'm objecting to placing them in the User ID. You can make these statements in other forms than placing them in the User ID. For example, you can put a signed message on your web site about your key maintenance habits, which other people could refer to when they want to learn from you.

> It would make sense that the certifier demands that statement on
> paper with a manual signature.

Again, it sounds like you're asking for something that would make an already-too-cumbersome process even more cumbersome. I don't think that's to the advantage of the community as a whole.

Regards,

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users